I answered
a questions in Zhihu
about "What's the implementation of Xposed Framework on ART Runtime". I realize
that this is an interesting question because I did a research on
hooking/interception years ago. Therefore, I then went through the code and here
is a breakdown notes on the Xposed Framework.

voidXposedBridge_hookMethodNative(JNIEnv*env,jclass,jobjectjavaReflectedMethod,jobject,jint,jobjectjavaAdditionalInfo){// Detect usage errors.
if(javaReflectedMethod==nullptr){#if PLATFORM_SDK_VERSION >= 23
ThrowIllegalArgumentException("method must not be null");#else
ThrowIllegalArgumentException(nullptr,"method must not be null");#endif
return;}// Get the ArtMethod of the method to be hooked.
ScopedObjectAccesssoa(env);ArtMethod*artMethod=ArtMethod::FromReflectedMethod(soa,javaReflectedMethod);// Hook the method
artMethod->EnableXposedHook(soa,javaAdditionalInfo);}

replace the entrypoint of original method by invoking SetEntryPointFromJni() method

In the end, the original method will be replace with new one.

In summary, the Xposed framework will replace the ArtMethod pointer with the new
code. Note that the hooking can only be done in framework layer above ART
runtime. This means that any native method written by C/C++ (NDK) still cannot
be hooked. Furthermore, some functionalities in Android are only implemented in
native code. Therefore, there are still several limitations for the Xposed
framework. But, I guess it's enough for some people to create interesting
modules. Thanks for reading. Happy hacking!